An attacker appears to have installed a token-draining program on the official domain for dYdX version 3.0.
The website for crypto exchange dYdX’s version 3.0 has been “compromised,” according to a July 23 social media post from the exchange’s team. However, the team stated that version 4.0 on Cosmos has not been compromised and is functioning normally. Users are being warned that they should not “visit the website [for v3] or click any links until further notice.”
The user interface for dYdX v3 is located at dydx.exchange.
dYdX has confirmed that the app’s smart contracts have not been compromised. Only the user interface is affected, so funds currently deposited should not be at risk, and the site should not be used to attempt withdrawals.